original analysis of the development path of civil military integration in the field of network security in the united states

Posted by tzul at 2020-03-29

The United States attaches great importance to the issue of civil military integration in the field of cybersecurity, raising it to the height of national strategy, and actively promotes top-level planning by issuing cybersecurity strategy, strengthening top-level leadership in cyberspace and strengthening the construction of legal system.

1. Release network security strategy, rise to national will

In recent years, the U.S. government and the Department of defense have attached great importance to the development of civil military integration in cyberspace, and have issued a series of documents to raise civil military integration in cyberspace to a national strategy for overall consideration. As early as the Bush era, the United States promulgated the national strategy for Cyberspace Security, which explicitly requires 22 Military and local departments, including the Department of Homeland Security and the Department of defense, to be jointly responsible for the security of the country's key information infrastructure; to build a National Cybersecurity response system composed of early warning systems, such as the Department of defense, the Department of justice and the Department of Commerce; and to strengthen coordination among law enforcement, national security and national defense departments, Jointly respond to the threat of cyber attacks. In 2011, the U.S. Department of Defense issued the cyberspace action strategy. Among the five major strategic initiatives, the third is to require the Department of defense to work together with other government departments and private enterprises to build a Cyberspace Security Strategy of "government playing chess". In March 2012, the Obama administration published the big data research and development initiative, which established the information network security strategy based on big data. Its national innovation strategy, national security strategy, national industrial development strategy and national information network security strategy are all based on big data, which requires six government departments and institutions such as the Ministry of defense and the Defense Advanced Research Planning Bureau to undertake the same task In response to the task, jointly promote the development of big data technology in the United States. In April 2015, the new version of the cyberspace strategy of the U.S. Department of defense emphasized once again that "the Department of defense has always benefited from private sector innovation, and it will continue to work closely with the private sector to help the new concept of DoD cybersecurity with the help of commercialization". The new strategy goes beyond the traditional "military civilian divide" boundary. The military forces flood into the key civil infrastructure, bringing the network infrastructure operated by the private sector into the scope of the protection of the Ministry of national defense. At the same time, it puts forward measures to strengthen the network security information sharing with all departments of the government and between the public and private institutions.

2. Strengthen top-level leadership in cyberspace and build a unified system of military and local network defense

After the "9.11" incident, the United States has established a network information security organization system coordinated by the president's office of critical infrastructure protection, with the Department of homeland security as the center, supplemented by the departments of defense, commerce, administration and budget, and initially achieved close military local cooperation. Obama released the cyberspace assessment policy report at the beginning of taking office, calling for strengthening top-level leadership in cyberspace. In May 2010, the U.S. cyber command was officially launched to coordinate the internal cyber command departments of different services. At the same time, it is stipulated that the network command and the National Security Bureau shall be led by one person. This "double hat" mechanism has continued to this day, which not only guarantees the network security of the network command, but also provides it with intelligence support, and also has carried out close cooperation with the Ministry of homeland security, the Ministry of justice, the Federal Bureau of investigation and other departments. At the same time, the United States coordinated the military and civil leadership system and actively built a unified leadership system for Cyber Defense. Under the National Security Affairs Assistant Office of the president, there is a security affairs assistant office in charge of network security. The chief of the office is the network affairs coordinator, who is responsible for assisting the president to coordinate and coordinate network security affairs under the national security committee system. At the same time, the network defense is divided into three areas: the Ministry of homeland security is responsible for the defense and emergency response of domestic network security, network crime and network terrorism; the Ministry of defense is responsible for foreign military network operations, defense of national key infrastructure offensive network operations; the national security agency supports domestic and foreign cyberspace intelligence operations. The three major businesses are under the unified leadership of the president, and the major strategic and policy issues related to cyberspace are decided and deployed in accordance with the leadership system of the National Security Council.

3. Strengthen the construction of legal system to provide legal guarantee for the integrated development

A series of network security strategies issued by the United States provide guiding principles and follow paths for the development of network military civilian integration. For example, the international strategy for cyberspace issued by the State Department of the United States and the action strategy for cyberspace issued by the Department of defense in 2011 put forward the overall plan and strategic guarantee for strengthening military civilian coordination and public-private cooperation from a macro perspective. In terms of specific laws and regulations, in order to realize the sharing of military and local risk information, the house of Representatives has repeatedly promoted the promulgation of the network information sharing and Protection Act; in 1993, the United States promulgated the national defense authorization law, which clearly proposed the development thinking of the infrastructure integration of military and civil industry, and promoted the research and development of dual-use information technology; in order to improve and perfect the general military and civil standards of information technology The United States actively promotes the development of the network security research and development law for technology and standard research and development; in terms of strengthening the training of network infrastructure security and network security talents, the United States constantly improves the relevant legal rules such as the national network security and Key Infrastructure Protection Act and the network security labor force framework. With the advent of the era of big data, in order to adapt to the new changes brought about by information technology, the United States has made corresponding adjustments to the relevant strategies and policy documents of network security and civil military integration. For example, the Obama administration released the big data research and development initiative and the U.S. Department of defense cloud computing strategy, which played a guiding role in the civil military integration of cyberspace under the condition of big data.

The U.S. government attaches great importance to the role of the private sector in cybersecurity and regards strong public-private partnerships as a fundamental pillar of the U.S. cyberspace strategy. Its network security industry implements public-private cooperation and military civilian joint construction and sharing, which reduces the public cost, improves the operation efficiency, and helps the U.S. Army to establish and maintain the right to control the network.

1. Actively expand cooperation with private enterprises and vigorously strengthen network infrastructure construction

Due to the fact that private enterprises in the United States control most of the network infrastructure, the U.S. military operations rely heavily on these enterprises, coupled with the asymmetric characteristics of cyberspace, the U.S. military can not rely on its own strength to achieve absolute control over the network. Therefore, private enterprises play an important role in the construction of network infrastructure in the United States. The United States has actively expanded cooperation with private enterprises, which is mainly reflected in: on the one hand, the military and the people jointly build information infrastructure. Relying on the national information infrastructure, the United States adopts the combination of renting local network and self built military network to build national defense information infrastructure, and the military and the civilian jointly build a solid network space to support the development needs of the country and the military. From 1978 to 1994, the United States built a GPS navigation information system composed of 24 satellites. The system gives priority to providing navigation and positioning information services for military warships, aircraft and other weapon platforms, assisting the weapon system to achieve accurate strike under the condition of informatization, and also providing civil information navigation services for the United States and even the world. In September 2001, the United States began to build a second-generation military civilian compatible defense information infrastructure, the global information grid. The information infrastructure system is composed of various communication and computer systems built by the military itself and rented places, which can provide system interfaces for joint forces, allies and non DOD users at the same time. 80% of gig adopts civil technology and products, and more than 95% of its transmission business is undertaken by commercial companies. On the other hand, most network security defense and network equipment technology research and development are undertaken by private enterprises. These private enterprises include not only traditional military enterprises such as Lockheed Martin and Raytheon, but also professional network companies such as Symantec and McAfee, as well as information industry giants such as IBM, HP and Microsoft. IBM builds "cloud computer network system" for the US Air Force and integrates the network infrastructure of 9 command centers and 100 military bases of the US Air Force by using cloud computing technology; Lockheed Martin and other subcontractors provide ground network communication and transmission system for the US Army; HP joint enterprise network partners (including at & T, IBM, Lockheed Ma Ding, Northrop Grumman and other companies) provide support for the security and operation of the backbone network of the U.S. Navy; DARPA awarded Raytheon with R & D contracts in multiple network fields, including the "x plan" to promote and take charge of.

2. Build a network information sharing mechanism to realize military and civilian information and resource sharing

The key of network security military civilian integration is the sharing of information resources. The development trend of network security is always changing rapidly. Information monitoring, threat warning and situation awareness all need real-time and effective sharing and exchange mechanism, while the interoperability of military and civil information resources can more effectively promote the all-dimensional and all-weather defense of network security. As a result, the U.S. military attaches great importance to the huge technological advantages of Internet enterprises, which, combined with the needs of the U.S. military intelligence agencies, become the main support for the U.S. military to establish and maintain the right to control the Internet. In 2015, Obama signed a presidential order to build a new information sharing and analysis organization to implement classified information sharing between private enterprises and national departments. After that, the United States set up a cyber Threat Intelligence Integration Center to share information among the director of national intelligence, the Department of homeland security, the Department of defense and the Department of justice. At present, the U.S. military authorizes some important information industry companies to access military confidential information, and these companies are also included in the military intelligence system. Through legal means, secret monitoring and administrative measures, NSA and the military have made some Internet and telecommunication enterprises in the United States become partners in intelligence cooperation. The NSA controls the flow of information in cyberspace by adding filters to the servers of these enterprises, reserving backdoors in the software, and having keys to crack encrypted information. For example, Microsoft, Google, macfield and other large Internet technology companies, in accordance with the requirements of the contract, notify the national security agency in advance before disclosing their newly discovered system vulnerabilities, so that the latter can use this priority to implement network intrusion. The U.S. military has also enhanced its network operations capabilities by strengthening cooperation with scientific research institutions. In 2013, the national security administration and North Carolina State University cooperated to build the analytical science laboratory (LAS). The laboratory mainly collects advanced ideas from the government, academia and business community to analyze big data. The research director of the Security Bureau will be the leader to organize the laboratory project. The U.S. Department of defense hopes to solve the challenges of foreign signal intelligence and information security through cooperation, so as to give the United States more advantages in the field of information processing.

3. Build a "network shooting range" between the military and the people, and use military exercises to improve the overall network security capability

The national network range is established by DARPA at the request of Congress, which provides a virtual environment for DOD to simulate real network attack and defense operations. The project is mainly built and provided by private enterprises, invested and applied by the military. In the first phase, BAE system, general dynamics, Northrop Grumman, science application international and other seven companies undertook the preliminary conceptual design. In the second phase, the prototype of the shooting range was built and delivered, which was respectively in the charge of the Applied Physics Laboratory of Hopkins University and the simulation training and support division of Lockheed Martin company. The national network shooting range is a national resource for testing military and civilian classified and unclassified network projects, which has three characteristics shared by military and civilian: in the industry, the national network shooting range covers government, national defense, finance, telecommunications, industry and other fields to meet the needs of the construction of its cyberspace infrastructure security system and scientific research and test; in the task field, the national network shooting range is set at the top level Taking account of the construction of the system, it has completed the planning, testing and evaluation, personnel education and training of the military and civil Cyberspace Security System; in the application field, the national network shooting range can provide a series of networked joint applications for various military and civil users, including supporting the construction of the national infrastructure security protection system, independent and controllable software and hardware security testing, etc. In addition, the United States attaches great importance to the joint military civilian cooperation and the use of various forces in network exercises. For example, the "cyber storm" exercise is a cross department exercise organized by the U.S. Department of Homeland Security every two years. For each exercise, the Department of defense, the national security administration and other departments participate as the core departments, and dozens of enterprises such as Cisco and Microsoft also actively participate. In addition, the Department of defense, together with the Department of homeland security, the FBI and some private companies, organized exercises such as "cyber guard" and "cyber dawn". Through these military exercises, the U.S. Department of defense has tested the actual combat effect of the network civil military cooperation, and improved the ground military in information sharing, situation awareness and decision-making process.

Different from the traditional field of land, sea, air and space operations, the main force of network operations is in the private sector, and the network technical talents are mainly from the private sector. Therefore, the U.S. strengthens the strength construction of cyberspace and the military integration of network combat resources through local recruitment, military and local training and other ways.

1. Open recruitment of local network professionals to join the US online Army

In order to encourage and attract non-governmental security talents to participate in the national network security construction, the United States specially allocated funds for recruitment, enriched the world's top computer experts and "hackers" into the military, and improved the network attack and defense capabilities. In 2002, the United States recruited top computer experts and hackers to form the world's first "hacker force" - the joint functional command of cyber warfare. After the establishment of U.S. cyber command, various services also set up corresponding organizations and recruited a large number of non-governmental personnel. For example, the 24th air force cyber command is composed of 3339 military personnel, 2975 civilian personnel and 1364 contractor employees. Twenty percent of U.S. naval cyber commands are non military. In 2012, Keith Alexander, then director of the national security administration and commander of the U.S. cyber command, attended the World Hacker conference Defcon and gave a keynote speech, calling on private hackers and security companies to cooperate with the government. After that, the U.S. national security administration began to recruit security talents with the help of RSA, blackhat, Defcon and other international security conferences. The U.S. Department of defense also launched the network fast tracking program, which allows small enterprises and individuals with excellent network attack and defense skills to participate in short-term projects by signing commercial contracts, so as to bring private network forces, especially student computer wizards, into the network talent team. In April 2015, the U.S. Defense Department said it was looking for new ways to attract technical personnel to work in the military and the Department of defense. These include hiring in places such as California's Silicon Valley to strengthen the National Guard and reserve network. In addition, the U.S. military security agencies and network security companies and other private sectors have an open, frequent and smooth flow of personnel. This "revolving door" mechanism cleverly combines the network security needs of the public sector with the human resources advantages of the private sector, and becomes an important source of network talents for the U.S. military.

2. Carry out the strategy of cultivating elite talents and train network talents jointly by the army and the local government

The United States has formulated and implemented a comprehensive network security personnel training strategy, especially the elite personnel training strategy. Since 2004, the U.S. Department of homeland security has cooperated with the information security department (IAD) of the National Security Administration (NSA) to implement the national academic elite center program. In September 2011, the U.S. Office of Homeland Security and human resources took the lead in proposing the framework of network security talent team (Draft), which clearly defined the definition, tasks and "knowledge, skills and capabilities" of network security professional field, and played an important role in guiding the development of network security professional academic education, vocational training and professional talent team construction. In 2014, the U.S. launched the "Defense Secretary company researcher program", which assigned 15 to 20 Defense Department officers in charge of cyber warfare to science and technology companies for one year, and then returned to the Defense Department to work to improve the military's cyber capabilities. In April 2015, the U.S. Department of defense extended the training time of the program for one year, changing it into a two-year system, one year training in local network companies, one year internship in the military, through civil military cooperation, to jointly cultivate comprehensive network warfare talents. The United States also actively strengthens exchanges and cooperation between military and civilian colleges. The U.S. Department of defense has signed military research contracts with nearly 2000 domestic colleges and universities. Local colleges and universities not only undertake 60% of basic research projects and some information technology development projects of the U.S. military, but also train and reserve a large number of network security and information technology talents for the U.S. military. In addition, since 2012, the U.S. Department of defense has adopted the way of scholarships to include 145 colleges and universities in the "cyber warrior" training system.

It can be seen that the military civilian integration in the field of network security in the United States is a typical case for us to refer to. Its unified strategic deployment, complete system and mechanism, mature public-private cooperation and talent training mode are worthy of our learning and reference, which is conducive to accelerating the in-depth development of network security and information-based military civilian integration in China. (this article is published in China information security, issue 8, 2016)